From 661da0dfda7a908d767df0ee62c2bc82379ccfa4 Mon Sep 17 00:00:00 2001 From: Debakel Orakel Date: Tue, 21 Oct 2025 19:27:30 +0200 Subject: [PATCH 1/5] Add subscription --- class/defaults.yml | 19 +++++++ component/app.jsonnet | 10 +++- component/main.jsonnet | 56 ++++++++++++++++++- tests/defaults.yml | 12 +++- tests/forwarder.yml | 12 +++- .../splunk-operator/apps/splunk-operator.yaml | 4 ++ .../splunk-operator/00_namespace.yaml | 10 ++++ .../splunk-operator/10_operator_group.yaml | 9 +++ .../splunk-operator/20_subscriptions.yaml | 25 +++++++++ .../splunk-operator/apps/splunk-operator.yaml | 4 ++ .../splunk-operator/00_namespace.yaml | 10 ++++ .../splunk-operator/10_operator_group.yaml | 9 +++ .../splunk-operator/20_subscriptions.yaml | 25 +++++++++ 13 files changed, 199 insertions(+), 6 deletions(-) create mode 100644 tests/golden/defaults/splunk-operator/splunk-operator/00_namespace.yaml create mode 100644 tests/golden/defaults/splunk-operator/splunk-operator/10_operator_group.yaml create mode 100644 tests/golden/defaults/splunk-operator/splunk-operator/20_subscriptions.yaml create mode 100644 tests/golden/forwarder/splunk-operator/splunk-operator/00_namespace.yaml create mode 100644 tests/golden/forwarder/splunk-operator/splunk-operator/10_operator_group.yaml create mode 100644 tests/golden/forwarder/splunk-operator/splunk-operator/20_subscriptions.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 15a7771..6a740f0 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -2,4 +2,23 @@ parameters: splunk_operator: =_metadata: multi_tenant: true + namespace: syn-splunk-operator + + channel: 'stable' + + images: + splunk: + registry: docker.io + repository: splunk/splunk + tag: '10.0' + + operatorResources: + splunk: + requests: + memory: 64Mi + cpu: 10m + limits: + memory: 512Mi + + standalones: {} diff --git a/component/app.jsonnet b/component/app.jsonnet index 6115b70..689a57f 100644 --- a/component/app.jsonnet +++ b/component/app.jsonnet 
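Review bot: `images.splunk.tag: '10.0'` in the new defaults is a mutable tag on `docker.io`, so the image that runs can change without any change to this repository. Nothing in this commit appears to read `images` (main.jsonnet in the same patch does not reference it). A comment should say where the value is meant to be consumed and whether a digest can be supplied instead of a tag. `operatorResources.splunk.limits` sets memory only; if leaving out a CPU limit is deliberate, a comment such as `# no CPU limit on purpose` would record that.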
@@ -3,7 +3,15 @@ local inv = kap.inventory(); local params = inv.parameters.splunk_operator; local argocd = import 'lib/argocd.libjsonnet'; -local app = argocd.App('splunk-operator', params.namespace); +local app = argocd.App('splunk-operator', params.namespace) { + spec+: { + syncPolicy+: { + syncOptions+: [ + 'ServerSideApply=true', + ], + }, + }, +}; local appPath = local project = std.get(std.get(app, 'spec', {}), 'project', 'syn'); diff --git a/component/main.jsonnet b/component/main.jsonnet index 198d83d..6b957c8 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet 
@@ -1,10 +1,64 @@ // main template for splunk-operator +local com = import 'lib/commodore.libjsonnet'; local kap = import 'lib/kapitan.libjsonnet'; local kube = import 'lib/kube.libjsonnet'; +local operatorlib = import 'lib/openshift4-operators.libsonnet'; + local inv = kap.inventory(); -// The hiera parameters for the component local params = inv.parameters.splunk_operator; +// Namespace + +local namespace = kube.Namespace(params.namespace) { + metadata+: { + annotations+: { + 'openshift.io/node-selector': '', + 'argocd.argoproj.io/sync-wave': '-100', + }, + labels+: { + 'openshift.io/cluster-monitoring': 'true', + }, + }, +}; + +// OperatorGroup + +local operatorGroup = operatorlib.OperatorGroup('splunk-operator') { + metadata+: { + annotations+: { + 'argocd.argoproj.io/sync-wave': '-90', + }, + namespace: params.namespace, + }, +}; + +// Subscriptions + +local subscription = operatorlib.namespacedSubscription( + params.namespace, + 'splunk-operator', + params.channel, + 'certified-operators' +) { + metadata+: { + annotations+: { + 'argocd.argoproj.io/sync-wave': '-80', + }, + }, + spec+: { + config+: { + env: [ { + name: 'SPLUNK_GENERAL_TERMS', + value: '--accept-sgt-current-at-splunk-com', + } ], + resources: params.operatorResources.splunk, + }, + }, +}; + // Define outputs below { + '00_namespace': namespace, + '10_operator_group': operatorGroup, + '20_subscriptions': subscription, } diff --git a/tests/defaults.yml b/tests/defaults.yml index a4da5b7..8802c73 100644 --- a/tests/defaults.yml +++ b/tests/defaults.yml 
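Review bot: The Subscription hard-codes the catalog `'certified-operators'` but leaves the catalog namespace to the library default, and the golden output in this same patch renders `source: certified-operators` next to `sourceNamespace: openshift-operators-redhat`. Please confirm that a catalog source of that name exists in that namespace. If `namespacedSubscription` accepts a source-namespace argument (its signature is not visible here), passing it explicitly would keep the pair consistent whatever the cluster's `openshift4_operators` defaults are. Separately, `SPLUNK_GENERAL_TERMS` is set to the acceptance value unconditionally; a comment such as `// Accepts the Splunk General Terms on behalf of every cluster using this component`, or a parameter, would make that an explicit decision. `com` is imported but not used in the lines shown.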
@@ -1,3 +1,11 @@ -# Overwrite parameters here +parameters: + kapitan: + dependencies: + - type: https + source: https://raw.githubusercontent.com/appuio/component-openshift4-operators/v1.0.2/lib/openshift4-operators.libsonnet + output_path: vendor/lib/openshift4-operators.libsonnet -# parameters: {...} + openshift4_operators: + defaultInstallPlanApproval: Automatic + defaultSource: openshift-operators-redhat + defaultSourceNamespace: openshift-operators-redhat diff --git a/tests/forwarder.yml b/tests/forwarder.yml index a4da5b7..8802c73 100644 --- a/tests/forwarder.yml +++ b/tests/forwarder.yml @@ -1,3 +1,11 @@ -# Overwrite parameters here +parameters: + kapitan: + dependencies: + - type: https + source: https://raw.githubusercontent.com/appuio/component-openshift4-operators/v1.0.2/lib/openshift4-operators.libsonnet + output_path: vendor/lib/openshift4-operators.libsonnet -# parameters: {...} + openshift4_operators: + defaultInstallPlanApproval: Automatic + defaultSource: openshift-operators-redhat + defaultSourceNamespace: openshift-operators-redhat diff --git a/tests/golden/defaults/splunk-operator/apps/splunk-operator.yaml b/tests/golden/defaults/splunk-operator/apps/splunk-operator.yaml index e69de29..6825b97 100644 --- a/tests/golden/defaults/splunk-operator/apps/splunk-operator.yaml +++ b/tests/golden/defaults/splunk-operator/apps/splunk-operator.yaml @@ -0,0 +1,4 @@ +spec: + syncPolicy: + syncOptions: + - ServerSideApply=true diff --git a/tests/golden/defaults/splunk-operator/splunk-operator/00_namespace.yaml b/tests/golden/defaults/splunk-operator/splunk-operator/00_namespace.yaml new file mode 100644 index 0000000..e5b5f9f --- /dev/null +++ b/tests/golden/defaults/splunk-operator/splunk-operator/00_namespace.yaml 
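Review bot: The `kapitan.dependencies` entry fetches `openshift4-operators.libsonnet` from raw.githubusercontent.com at the tag `v1.0.2`, and a Git tag can be moved after the fact. The fetched file is evaluated when the test catalog is compiled, so referencing a full commit SHA in the `source` URL would make that input reproducible and reviewable. The identical block is added to tests/forwarder.yml in the next hunk, so the same applies there.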
@@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + openshift.io/node-selector: '' + labels: + name: syn-splunk-operator + openshift.io/cluster-monitoring: 'true' + name: syn-splunk-operator diff --git a/tests/golden/defaults/splunk-operator/splunk-operator/10_operator_group.yaml b/tests/golden/defaults/splunk-operator/splunk-operator/10_operator_group.yaml new file mode 100644 index 0000000..c28b96e --- /dev/null +++ b/tests/golden/defaults/splunk-operator/splunk-operator/10_operator_group.yaml @@ -0,0 +1,9 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-90' + labels: + name: splunk-operator + name: splunk-operator + namespace: syn-splunk-operator diff --git a/tests/golden/defaults/splunk-operator/splunk-operator/20_subscriptions.yaml b/tests/golden/defaults/splunk-operator/splunk-operator/20_subscriptions.yaml new file mode 100644 index 0000000..7664998 --- /dev/null +++ b/tests/golden/defaults/splunk-operator/splunk-operator/20_subscriptions.yaml @@ -0,0 +1,25 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-80' + labels: + name: splunk-operator + name: splunk-operator + namespace: syn-splunk-operator +spec: + channel: stable + config: + env: + - name: SPLUNK_GENERAL_TERMS + value: --accept-sgt-current-at-splunk-com + resources: + limits: + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + installPlanApproval: Automatic + name: splunk-operator + source: certified-operators + sourceNamespace: openshift-operators-redhat diff --git a/tests/golden/forwarder/splunk-operator/apps/splunk-operator.yaml b/tests/golden/forwarder/splunk-operator/apps/splunk-operator.yaml index e69de29..6825b97 100644 --- a/tests/golden/forwarder/splunk-operator/apps/splunk-operator.yaml +++ b/tests/golden/forwarder/splunk-operator/apps/splunk-operator.yaml 
@@ -0,0 +1,4 @@ +spec: + syncPolicy: + syncOptions: + - ServerSideApply=true diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/00_namespace.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/00_namespace.yaml new file mode 100644 index 0000000..e5b5f9f --- /dev/null +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/00_namespace.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + openshift.io/node-selector: '' + labels: + name: syn-splunk-operator + openshift.io/cluster-monitoring: 'true' + name: syn-splunk-operator diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/10_operator_group.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/10_operator_group.yaml new file mode 100644 index 0000000..c28b96e --- /dev/null +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/10_operator_group.yaml @@ -0,0 +1,9 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-90' + labels: + name: splunk-operator + name: splunk-operator + namespace: syn-splunk-operator diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/20_subscriptions.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/20_subscriptions.yaml new file mode 100644 index 0000000..7664998 --- /dev/null +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/20_subscriptions.yaml 
@@ -0,0 +1,25 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-80' + labels: + name: splunk-operator + name: splunk-operator + namespace: syn-splunk-operator +spec: + channel: stable + config: + env: + - name: SPLUNK_GENERAL_TERMS + value: --accept-sgt-current-at-splunk-com + resources: + limits: + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + installPlanApproval: Automatic + name: splunk-operator + source: certified-operators + sourceNamespace: openshift-operators-redhat From 9d8263a5fb950382d6e3cbea787dbb56d719a4f0 Mon Sep 17 00:00:00 2001 From: Debakel Orakel Date: Tue, 21 Oct 2025 21:58:12 +0200 Subject: [PATCH 2/5] Support defining Splunk instances --- class/defaults.yml | 2 +- class/splunk-operator.yml | 1 + component/standalone.jsonnet | 157 ++++++++++++++++++ component/utils.libsonnet | 21 +++ .../ROOT/pages/references/parameters.adoc | 112 ++++++++++++- lib/splunk-operator.libsonnet | 29 ++++ tests/forwarder.yml | 25 +++ .../50_standalone_test1_heavyforwarder.yaml | 60 +++++++ .../50_standalone_test2_heavyforwarder.yaml | 93 +++++++++++ 9 files changed, 496 insertions(+), 4 deletions(-) create mode 100644 component/standalone.jsonnet create mode 100644 component/utils.libsonnet create mode 100644 lib/splunk-operator.libsonnet create mode 100644 tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml create mode 100644 tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 6a740f0..1879db6 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -21,4 +21,4 @@ parameters: limits: memory: 512Mi - standalones: {} + instances: {} diff --git a/class/splunk-operator.yml b/class/splunk-operator.yml index 0cc3bd0..db662cc 100644 --- a/class/splunk-operator.yml +++ b/class/splunk-operator.yml 
@@ -7,5 +7,6 @@ parameters: output_path: . - input_paths: - ${_base_directory}/component/main.jsonnet + - ${_base_directory}/component/standalone.jsonnet input_type: jsonnet output_path: splunk-operator/ diff --git a/component/standalone.jsonnet b/component/standalone.jsonnet new file mode 100644 index 0000000..41e4369 --- /dev/null +++ b/component/standalone.jsonnet 
@@ -0,0 +1,157 @@ +// main template for splunk-operator +local com = import 'lib/commodore.libjsonnet'; +local kap = import 'lib/kapitan.libjsonnet'; +local kube = import 'lib/kube.libjsonnet'; +local splunk = import 'lib/splunk-operator.libsonnet'; +local utils = import 'utils.libsonnet'; +local inv = kap.inventory(); + +// The hiera parameters for the component +local params = inv.parameters.splunk_operator; + +local namespacedName(name, namespace='') = { + local namespaced = std.splitLimit(name, '/', 1), + local ns = if namespace != '' then namespace else params.namespace, + namespace: if std.length(namespaced) > 1 then namespaced[0] else ns, + name: if std.length(namespaced) > 1 then namespaced[1] else namespaced[0], +}; + +// AppConfigs + +local appConfigs(instance) = [ + { + apiVersion: 'v1', + kind: 'Secret', + metadata: { + annotations: utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: 'splunk-appconfig-%s' % app, + namespace: namespacedName(instance).namespace, + }, + type: 'Opaque', + data: params.instances[instance].appConfigs[app], + } + for app in std.objectFields(std.get(params.instances[instance], 'appConfigs', {})) + if params.instances[instance].appConfigs[app] != null +]; + +// Standalone Resource + +local patchImage = { + spec: { + image: '%(registry)s/%(repository)s:%(tag)s' % params.images.splunk, + }, +}; + +local patchServiceAccount(instance) = { + spec: { + serviceAccount: namespacedName(instance).name, + }, +}; + +local patchAppConfigs(instance) = { + [if std.objectHas(params.instances[instance], 'appConfigs') then 'spec']: { + volumes: [ + { + name: std.strReplace(appConfig.metadata.name, 'splunk-appconfig-', ''), + secret: { + secretName: appConfig.metadata.name, + }, + } + for appConfig in appConfigs(instance) + if appConfig != null + ], + }, +}; + +local patchConfigSpecs(instance) = { + [if std.objectHas(params.instances[instance], 'standalone') then 'spec']: 
params.instances[instance].standalone, +}; + +// Consecutively apply patches to result of previous apply. +local standalone(instance) = std.foldl( + // we use std.mergePatch here, because this way we don't need + // to make each patch object mergeable by suffixing all keys with a +. + function(manifest, patch) std.mergePatch(manifest, patch), + [ + // patchImage, + patchAppConfigs(instance), + patchServiceAccount(instance), + patchConfigSpecs(instance), + ], + splunk.Standalone_v4(namespacedName(instance).name) { + metadata+: { + annotations: utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + }, + } +); + +// local instance(instanceName) = [ +// standalone(instanceName), +// apps(instanceName), +// serviceAccount(instanceName), +// roleBinding(instanceName), +// ]; + +// Namespace + +local namespace(instance) = { + apiVersion: 'v1', + kind: 'Namespace', + metadata: { + annotations: { + 'argocd.argoproj.io/sync-wave': '-50', + } + utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: namespacedName(instance).namespace, + }, +}; + +// RABC + +local serviceAccount(instance) = { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + annotations: utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: standalone(instance).spec.serviceAccount, + namespace: namespacedName(instance).namespace, + }, +}; + +local roleBinding(instance) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + annotations: utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: 'splunk-standalone-%(name)s-nonroot-v2' % namespacedName(instance), + namespace: namespacedName(instance).namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'system:openshift:scc:nonroot-v2', + }, + subjects: [ + { + kind: 
'ServiceAccount', + name: standalone(instance).spec.serviceAccount, + namespace: serviceAccount(instance).metadata.namespace, + }, + ], +}; + +// Define outputs below +{ + [if std.length(params.instances) > 0 then '50_standalone_%s' % std.strReplace(instance, '/', '_')]: [ + namespace(instance), + standalone(instance), + serviceAccount(instance), + roleBinding(instance), + ] + appConfigs(instance) + for instance in std.objectFields(params.instances) + if params.instances[instance] != null +} diff --git a/component/utils.libsonnet b/component/utils.libsonnet new file mode 100644 index 0000000..0c47ed3 --- /dev/null +++ b/component/utils.libsonnet @@ -0,0 +1,21 @@ +// main template for splunk-operator +local commonAnnotations = { + 'syn.tools/source': 'https://github.com/projectsyn/component-splunk-operator.git', +}; + +local commonLabels = { + 'app.kubernetes.io/managed-by': 'commodore', + 'app.kubernetes.io/part-of': 'syn', + 'app.kubernetes.io/component': 'splunk', +}; + +local commonLabelsWithInstance(name) = commonLabels { + 'app.kubernetes.io/instance': name, +}; + +// Define outputs below +{ + commonAnnotations: commonAnnotations, + commonLabels: commonLabels, + commonLabelsWithInstance: commonLabelsWithInstance, +} diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 7774ef8..1154645 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -1,6 +1,7 @@ = Parameters -The parent key for all of the following parameters is `splunk_operator`. +The parent key for all of the following parameters is `splunk-operator`. + == `namespace` 
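Review bot: In `appConfigs(instance)` the Secret is named `'splunk-appconfig-%s' % app`, so two instances in the same namespace that use the same app-set key render two Secrets with the same name and namespace, and one replaces the other. Including the instance name, e.g. `name: 'splunk-appconfig-%s-%s' % [namespacedName(instance).name, app],`, avoids that; the volume name in `patchAppConfigs` is derived from the Secret name via `std.strReplace` and would need the matching change to keep the documented `/mnt/<app>` paths. `patchConfigSpecs` copies `instances.<name>.standalone` into the CR spec verbatim, and the forwarder fixture in this patch puts `password: supersecret` in `defaults`, which lands in the rendered Standalone manifest rather than in a Secret. A comment above `patchConfigSpecs` should state that credentials must be supplied as a secret reference, not a literal. `patchImage` is commented out of the fold, so `params.images` currently has no effect, and the `// RABC` heading presumably should read RBAC.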
@@ -11,9 +12,114 @@ default:: `syn-splunk-operator` The namespace in which to deploy this component. +== `channel` + +[horizontal] +type:: string +default:: `stable` + +Channel of the operator subscription to use. + + +== `operatorResources.splunk` + +[horizontal] +type:: dictionary +default:: see `defaults.yml` + +A dictionary holding the `.spec.config.resources` for OLM subscriptions maintained by this component. + + +== `instances` + +[horizontal] +type:: dictionary +default:: `{}` +example:: ++ +[source] +---- +splunk_operator: + instances: + my-namespace/my-instance: {} +---- + +A dictionary defining namespaced Splunk resources. + +=== `instances.{}.standalone` + +[horizontal] +type:: dictionary +example:: ++ +[source] +---- +splunk_operator: + instances: + my-namespace/my-instance: + standalone: + serviceAccount: my-serviceaccount +---- + +Defines the spec of a Splunk `Standalone` resource. See https://splunk.github.io/splunk-operator/Examples.html#using-default-settings[Splunk Operator Documentation] for more details. + +Also creates the RoleBinding and ServiceAccount for the `Standalone` resource. + + +=== `instances.{}.appConfigs` + +[horizontal] +type:: dictionary +example:: ++ +[source] +---- +splunk_operator: + instances: + my-namespace/my-instance: + appConfigs: + test1: + my-app1.tgz: ... <1> + my-app2.tgz: ... + test2: + other-app.tgz: ... + standalone: + defaults: | + splunk: + apps_location: + - /mnt/test1/my-app1.tgz <2> + - /mnt/test1/my-app2.tgz + - /mnt/test2/other-app.tgz +---- +<1> A Base64 encoded app configuration. +<2> The configured appConfigs will be mounted as volumes in `/mnt`. + +Creates `Secrets` containing the Base64 encoded apps and mounts them as volumes in Splunks `Standalone` resource. 
+ + == Example -[source,yaml] +[source] ---- -namespace: example-namespace +splunk_operator: + instances: + test1/heavyforwarder: + appConfigs: + test1: + my-app.tgz: "BINARY_DATA" + standalone: + serviceAccount: splunk-forwarder + defaults: | + splunk: + role: splunk_heavy_forwarder + admin_user: splunk-admin + password: supersecret + apps_location: + - /mnt/test1/my-app.tgz + hec: + enable: true + s2s: + enable: false + ssl: + enable: false ---- diff --git a/lib/splunk-operator.libsonnet b/lib/splunk-operator.libsonnet new file mode 100644 index 0000000..34f172c --- /dev/null +++ b/lib/splunk-operator.libsonnet @@ -0,0 +1,29 @@ +/** + * \file splunk.libsonnet + * \brief Helpers to create Splunk CRs. + */ + +local com = import 'lib/commodore.libjsonnet'; +local groupVersionPrefix = 'enterprise.splunk.com/'; + +/** + * \brief Helper to create Standalone objects. + * + * \arg The name of the Standalone resource. + * \arg The version of the Splunk apiGroup, defaults to 'v4'. + * \return A Standalone object. + */ +local standalone(name, v='v4') = { + apiVersion: groupVersionPrefix + v, + kind: 'Standalone', + metadata: { + labels: { + 'app.kubernetes.io/name': name, + }, + name: name, + }, +}; + +{ + Standalone_v4(name): standalone(name, 'v4'), +} diff --git a/tests/forwarder.yml b/tests/forwarder.yml index 8802c73..d87990d 100644 --- a/tests/forwarder.yml +++ b/tests/forwarder.yml 
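Review bot: The header comment of the new library names the file `splunk.libsonnet`, while the file added here is `lib/splunk-operator.libsonnet`. The `com` import is not used in the lines shown and can be dropped. The `\arg` lines in the `standalone` doc comment omit the parameter names; `\arg name The name of the Standalone resource.` and `\arg v The version of the Splunk apiGroup, defaults to 'v4'.` would match the signature.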
@@ -9,3 +9,28 @@ parameters: defaultInstallPlanApproval: Automatic defaultSource: openshift-operators-redhat defaultSourceNamespace: openshift-operators-redhat + + splunk_operator: + instances: + test1/heavyforwarder: + standalone: + serviceAccount: splunk-forwarder + test2/heavyforwarder: + appConfigs: + test1: + my-app.tgz: "BINARY_DATA" + standalone: + serviceAccount: splunk-forwarder + defaults: | + splunk: + role: splunk_heavy_forwarder + admin_user: splunk-admin + password: supersecret + apps_location: + - /mnt/test1/my-app.tgz + hec: + enable: true + s2s: + enable: false + ssl: + enable: false diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml new file mode 100644 index 0000000..43913c0 --- /dev/null +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml 
@@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-50' + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: test1 +--- +apiVersion: enterprise.splunk.com/v4 +kind: Standalone +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: heavyforwarder +spec: + serviceAccount: splunk-forwarder +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-forwarder + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-standalone-heavyforwarder-nonroot-v2 + namespace: test1 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:nonroot-v2 +subjects: + - kind: ServiceAccount + name: splunk-forwarder + namespace: test1 diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml new file mode 100644 index 0000000..e586949 --- /dev/null 
+++ b/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml 
@@ -0,0 +1,93 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-50' + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: test2 +--- +apiVersion: enterprise.splunk.com/v4 +kind: Standalone +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: heavyforwarder +spec: + defaults: | + splunk: + role: splunk_heavy_forwarder + admin_user: splunk-admin + password: supersecret + apps_location: + - /mnt/test1/my-app.tgz + hec: + enable: true + s2s: + enable: false + ssl: + enable: false + serviceAccount: splunk-forwarder + volumes: + - name: test1 + secret: + secretName: splunk-appconfig-test1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-forwarder + namespace: test2 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-standalone-heavyforwarder-nonroot-v2 + namespace: test2 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:nonroot-v2 +subjects: + - kind: ServiceAccount + name: 
splunk-forwarder + namespace: test2 +--- +apiVersion: v1 +data: + my-app.tgz: BINARY_DATA +kind: Secret +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-appconfig-test1 + namespace: test2 +type: Opaque From 3c57ae190284278a25ac10a43cea152c45502b4c Mon Sep 17 00:00:00 2001 From: Debakel Orakel Date: Tue, 21 Oct 2025 22:10:50 +0200 Subject: [PATCH 3/5] Dont create namespace by default --- component/standalone.jsonnet | 41 ++++++++++--------- .../ROOT/pages/references/parameters.adoc | 18 +++++++- tests/forwarder.yml | 1 + ... => 50_instance_test1_heavyforwarder.yaml} | 0 ... => 50_instance_test2_heavyforwarder.yaml} | 13 ------ 5 files changed, 39 insertions(+), 34 deletions(-) rename tests/golden/forwarder/splunk-operator/splunk-operator/{50_standalone_test1_heavyforwarder.yaml => 50_instance_test1_heavyforwarder.yaml} (100%) rename tests/golden/forwarder/splunk-operator/splunk-operator/{50_standalone_test2_heavyforwarder.yaml => 50_instance_test2_heavyforwarder.yaml} (85%) diff --git a/component/standalone.jsonnet b/component/standalone.jsonnet index 41e4369..38386f1 100644 --- a/component/standalone.jsonnet +++ b/component/standalone.jsonnet @@ -94,20 +94,6 @@ local standalone(instance) = std.foldl( // roleBinding(instanceName), // ]; -// Namespace - -local namespace(instance) = { - apiVersion: 'v1', - kind: 'Namespace', - metadata: { - annotations: { - 'argocd.argoproj.io/sync-wave': '-50', - } + utils.commonAnnotations, - labels: utils.commonLabelsWithInstance(namespacedName(instance).name), - name: namespacedName(instance).namespace, - }, -}; - // RABC local serviceAccount(instance) = { 
@@ -144,14 +130,29 @@ local roleBinding(instance) = { ], }; +// Namespace + +local namespace(instance) = if std.get(params.instances[instance], 'createNamespace', false) then { + apiVersion: 'v1', + kind: 'Namespace', + metadata: { + annotations: { + 'argocd.argoproj.io/sync-wave': '-50', + } + utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: namespacedName(instance).namespace, + }, +}; + // Define outputs below { - [if std.length(params.instances) > 0 then '50_standalone_%s' % std.strReplace(instance, '/', '_')]: [ - namespace(instance), - standalone(instance), - serviceAccount(instance), - roleBinding(instance), - ] + appConfigs(instance) + [if std.length(params.instances) > 0 then '50_instance_%s' % std.strReplace(instance, '/', '_')]: + std.filter(function(x) x != null, [ + namespace(instance), + standalone(instance), + serviceAccount(instance), + roleBinding(instance), + ] + appConfigs(instance)) for instance in std.objectFields(params.instances) if params.instances[instance] != null } diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 1154645..27df72f 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -65,7 +65,6 @@ Defines the spec of a Splunk `Standalone` resource. See https://splunk.github.io Also creates the RoleBinding and ServiceAccount for the `Standalone` resource. - === `instances.{}.appConfigs` [horizontal] @@ -96,6 +95,23 @@ splunk_operator: Creates `Secrets` containing the Base64 encoded apps and mounts them as volumes in Splunks `Standalone` resource. +=== `instances.{}.createNamespace` + +[horizontal] +type:: boolean +default:: `false` +example:: ++ +[source] +---- +splunk_operator: + instances: + my-namespace/my-instance: + createNamespace: true +---- + +Creates the `Namespace` for the Splunk instance. + == Example 
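Review bot: With `createNamespace: true`, `namespace(instance)` emits a Namespace labelled for a single instance, so two instances that share a namespace and both set the flag render the same Namespace twice in different output files. An instance key without a `/` falls back to `params.namespace` in `namespacedName` (defined outside this hunk), which main.jsonnet already renders as `00_namespace` with its own annotations and labels, so the two definitions would compete. A guard such as `&& namespacedName(instance).namespace != params.namespace` on the condition would prevent the second case. A comment should also say that only one instance per namespace may set the flag. The `if … then {…}` without `else` relies on Jsonnet yielding `null`, which the new `std.filter` removes; a one-line comment saying so would help the next reader.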
diff --git a/tests/forwarder.yml b/tests/forwarder.yml index d87990d..f42c6f3 100644 --- a/tests/forwarder.yml +++ b/tests/forwarder.yml @@ -13,6 +13,7 @@ parameters: splunk_operator: instances: test1/heavyforwarder: + createNamespace: true standalone: serviceAccount: splunk-forwarder test2/heavyforwarder: diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml similarity index 100% rename from tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test1_heavyforwarder.yaml rename to tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml similarity index 85% rename from tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml rename to tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml index e586949..8e94907 100644 --- a/tests/golden/forwarder/splunk-operator/splunk-operator/50_standalone_test2_heavyforwarder.yaml +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml @@ -1,16 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - argocd.argoproj.io/sync-wave: '-50' - syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git - labels: - app.kubernetes.io/component: splunk - app.kubernetes.io/instance: heavyforwarder - app.kubernetes.io/managed-by: commodore - app.kubernetes.io/part-of: syn - name: test2 ---- apiVersion: enterprise.splunk.com/v4 kind: Standalone metadata: From 233571542bee18a8fc734fe15c82ae8bd49dd893 Mon Sep 17 00:00:00 2001 
From: Debakel Orakel Date: Mon, 27 Oct 2025 10:44:10 +0100 Subject: [PATCH 4/5] Support creating Ingress resources --- component/standalone.jsonnet | 41 ++++++++++++++++--- .../ROOT/pages/references/parameters.adoc | 17 ++++++++ tests/forwarder.yml | 1 + .../50_instance_test1_heavyforwarder.yaml | 26 ++++++++++++ .../50_instance_test2_heavyforwarder.yaml | 1 + 5 files changed, 80 insertions(+), 6 deletions(-) diff --git a/component/standalone.jsonnet b/component/standalone.jsonnet index 38386f1..6957dcf 100644 --- a/component/standalone.jsonnet +++ b/component/standalone.jsonnet @@ -83,16 +83,44 @@ local standalone(instance) = std.foldl( metadata+: { annotations: utils.commonAnnotations, labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + namespace: namespacedName(instance).namespace, }, } ); -// local instance(instanceName) = [ -// standalone(instanceName), -// apps(instanceName), -// serviceAccount(instanceName), -// roleBinding(instanceName), -// ]; +local route(instance) = if std.get(params.instances[instance], 'url', '') != '' then { + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + annotations: utils.commonAnnotations, + labels: utils.commonLabelsWithInstance(namespacedName(instance).name), + name: 'splunk-%s' % namespacedName(instance).name, + namespace: namespacedName(instance).namespace, + }, + spec: { + rules: [{ + host: params.instances[instance].url, + http: { + paths: [{ + backend: { + service: { + name: 'splunk-%s-standalone-service' % namespacedName(instance).name, + port: { + name: 'tcp-s2s', + }, + }, + }, + path: '/', + pathType: 'Prefix', + }], + }, + }], + // tls: [{ + // hosts: [ 'splunk-traffic-vshn-tdr-infra-prod.apps.ocp4.acrevison.ch' ], + // secretName: '%s-tls' % namespacedName(instance).name, + // }] + } +}; // RABC 
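Review bot: The Ingress built by `route(instance)` has no `tls` section, because the only TLS lines are commented out, so the manifest publishes the host with no certificate configuration even though the instance may receive credentials or log data over it. The commented-out block also carries what looks like an environment-specific hostname, which should not stay in a shared component. The backend port is `tcp-s2s` under an `http` rule; if that port carries Splunk's forwarder protocol rather than HTTP, an Ingress cannot route it, so please confirm the intended port (the fixture in this series enables `hec` and disables `s2s`). The sketch below shows the TLS part, assuming a certificate Secret named after the instance is provisioned elsewhere. The function is named `route` and the parameter `url`, but they produce an Ingress and hold a hostname; renaming or a comment would avoid confusion.

```jsonnet
local route(instance) = if std.get(params.instances[instance], 'url', '') != '' then {
  // … unchanged: apiVersion, kind, metadata …
  spec: {
    // … unchanged: rules …
    tls: [ {
      hosts: [ params.instances[instance].url ],
      secretName: '%s-tls' % namespacedName(instance).name,
    } ],
  },
};
```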
@@ -150,6 +178,7 @@ local namespace(instance) = if std.get(params.instances[instance], 'createNamesp std.filter(function(x) x != null, [ namespace(instance), standalone(instance), + route(instance), serviceAccount(instance), roleBinding(instance), ] + appConfigs(instance)) diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 27df72f..82f1434 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -112,6 +112,23 @@ splunk_operator: Creates the `Namespace` for the Splunk instance. +=== `instances.{}.url` + +[horizontal] +type:: string +default:: `` +example:: ++ +[source] +---- +splunk_operator: + instances: + my-namespace/my-instance: + url: my-forwarder.example.com +---- + +Creates an `Ingress` for the `Standalone` instance. + == Example diff --git a/tests/forwarder.yml b/tests/forwarder.yml index f42c6f3..c82d017 100644 --- a/tests/forwarder.yml +++ b/tests/forwarder.yml @@ -14,6 +14,7 @@ parameters: instances: test1/heavyforwarder: createNamespace: true + url: my-splunk.example.com standalone: serviceAccount: splunk-forwarder test2/heavyforwarder: diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml index 43913c0..5b77dbe 100644 --- a/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test1_heavyforwarder.yaml 
@@ -22,9 +22,35 @@ metadata: app.kubernetes.io/managed-by: commodore app.kubernetes.io/part-of: syn name: heavyforwarder + namespace: test1 spec: serviceAccount: splunk-forwarder --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git + labels: + app.kubernetes.io/component: splunk + app.kubernetes.io/instance: heavyforwarder + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/part-of: syn + name: splunk-heavyforwarder + namespace: test1 +spec: + rules: + - host: my-splunk.example.com + http: + paths: + - backend: + service: + name: splunk-heavyforwarder-standalone-service + port: + name: tcp-s2s + path: / + pathType: Prefix +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml index 8e94907..7829f5c 100644 --- a/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml +++ b/tests/golden/forwarder/splunk-operator/splunk-operator/50_instance_test2_heavyforwarder.yaml @@ -9,6 +9,7 @@ metadata: app.kubernetes.io/managed-by: commodore app.kubernetes.io/part-of: syn name: heavyforwarder + namespace: test2 spec: defaults: | splunk: From 37fae776c23256ee498dd8c26659e112fa99f7f3 Mon Sep 17 00:00:00 2001 From: DebakelOrakel <78408921+DebakelOrakel@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:41:48 +0100 Subject: [PATCH 5/5] Update docs/modules/ROOT/pages/references/parameters.adoc Co-authored-by: Simon Gerber --- .cruft.json | 4 ++-- docs/modules/ROOT/pages/references/parameters.adoc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.cruft.json b/.cruft.json index 1e7e743..418dbbd 100644 --- a/.cruft.json +++ b/.cruft.json 
@@ -21,9 +21,9 @@ "auto_release": "y", "copyright_holder": "VSHN AG ", "copyright_year": "2025", - "github_owner": "projectsyn", + "github_owner": "appuio", "github_name": "component-splunk-operator", - "github_url": "https://github.com/projectsyn/component-splunk-operator", + "github_url": "https://github.com/appuio/component-splunk-operator", "_template": "https://github.com/projectsyn/commodore-component-template.git", "_commit": "84a7c63ca26492da555344c23ccddac302ba0bb2" } diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 82f1434..94ab68e 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -1,6 +1,6 @@ = Parameters -The parent key for all of the following parameters is `splunk-operator`. +The parent key for all of the following parameters is `splunk_operator`. == `namespace`
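Review bot: The `.cruft.json` hunk moves `github_owner` and `github_url` to `appuio`, but the golden manifests added earlier in this series still carry `syn.tools/source: https://github.com/projectsyn/component-splunk-operator.git`, and this commit does not regenerate them. If that annotation is derived from the repository location (its source, `utils.commonAnnotations`, is not visible here), deployed objects would point at the wrong origin, which weakens tracing a manifest back to its source. The owner change is also unrelated to the commit subject, so it would be easier to audit as its own commit with the golden files updated alongside.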